1) This book focuses on ________.
A) offense
B) defense
C) offense and defense about equally
D) None of the above - ✔✔B
2) Closing all routes of attack into an organization's system(s) is called ________.
A) defense in depth
B) comprehensive security
C) total security
D) access control - ✔✔B
3) A ________ occur(s) when a single security element failure defeats the overall
security of a system.
A) spot failure
Brittie Donald, All Rights Reserved © 2025 1
B) weakest link failure
C) defense in depth departure
D) critical failure - ✔✔B
4) Which of the following is a formal process?
A) Annual corporate planning
B) Planning and developing individual countermeasures
C) Both A and B
D) Neither A nor B - ✔✔C
5) A planned series of actions in a corporation is a(n) ________.
A) strategy
B) sequence
C) process
D) anomaly - ✔✔C
6) The growing number of compliance laws and regulations is driving firms to use
formal governance frameworks to guide their security processes. - ✔✔TRUE
7) Many compliance regimes require firms to adopt specific formal governance
frameworks to drive security planning and operational management. - ✔✔TRUE
8) Planning, protection, and response follow a fairly strict sequence from one stage to
another. - ✔✔FALSE
9) The stage of the plan-protect-respond cycle that consumes the most time is ________.
A) planning
B) protection
C) response
D) each of the above consumes about the same amount of time - ✔✔B
10) ________ is the plan-based creation and operation of countermeasures.
A) Planning
B) Protection
C) Response
D) All of the above - ✔✔B
11) What is missing from the definition of response as "recovery?"
A) The phrase "according to plan" must be added to "recovery."
B) The definition must refer to specific resources.
C) The phrase "Reasonable degree of" must begin the definition.
D) The phrase "and prosecution" must be added after "recovery." - ✔✔A
12) Strong security can be an enabler, allowing a company to do things it could not do
otherwise. - ✔✔TRUE
13) The key to security being an enabler is ________.
A) getting it involved early within the project
B) having strong corporate policies
C) extensive training
D) adequate spending on security - ✔✔A
14) IT security people should maintain a negative view of users. - ✔✔FALSE
15) It is a good idea to view the security function as a police force or military
organization. - ✔✔FALSE
16) The first step in developing an IT security plan is to ________.
A) determine needs
B) assess the current state of the company's security
C) create comprehensive security
D) prioritize security projects - ✔✔B
17) Once a company's resources are enumerated, the next step is to ________.
A) create a protection plan for each